How to Send Cold Emails Without Getting Banned by Gmail

You set up a new Gmail account. You bought a domain. You wrote your cold email. You uploaded 200 contacts and hit send.

Three days later, your account is suspended. No warning. No explanation. Just a gray screen that says "Your account has been disabled."

This happens to thousands of founders, salespeople, and marketers every month — not because they're spammers, but because they didn't understand the rules Google operates by. Gmail doesn't ban "spam." It bans behavior patterns that look like spam, even if your intentions are legitimate.

Here's how to send cold email through Gmail without triggering those patterns — and what to do if you're already in trouble.

What "Getting Banned" Actually Means

Before we fix the problem, let's define it. There are four levels of Gmail enforcement, and they're not the same thing:

1. Spam folder placement — Your emails land in the recipient's spam folder instead of their inbox. Your account is still functional; your deliverability is just broken. This is the most common problem and also the most fixable.
2. Throttling — Gmail lets you send, but at a severely reduced rate. Instead of 500 emails/day, you might get 50. This is usually temporary but signals that Google is watching you.
3. Suspension — Your Gmail account is temporarily disabled. You can appeal, and accounts are often restored within 24-72 hours if you explain your use case. But each suspension makes the next one more likely.
4. Permanent ban — Your account is gone, along with all its data. Appeals rarely succeed. This is what happens when you ignore the first three warning signs.

Most people who think they "got banned" actually got throttled or sent to spam. Understanding the difference matters because the fix for each is different.

Why Gmail Bans Cold Email Accounts

Google's algorithms look for specific behavioral signals. Here's what triggers them, in order of severity:

1. Sudden Volume Spikes on a New Account

A brand new Gmail account that sends 200 emails in its first week is the single strongest spam signal Google tracks. Real humans don't create accounts and immediately start blasting. They send 5-10 emails a day, then 20, then 50 — gradually, over weeks.

What triggers it: Sending more than 10-15 emails/day in the first week of a new account.

How to avoid it: Ramp up slowly. Start at 5 emails/day. Increase by 5 every 3 days until you reach your target volume. This takes patience but it's the only reliable method.

2. High Spam Complaint Rate

Every time someone clicks "Report spam" on your email, Google logs it. A complaint rate above 0.1% (that's 1 in 1,000) is considered high. Above 0.3% is dangerous. Above 0.5% and your account is on borrowed time.

What triggers it: Irrelevant emails sent to people who didn't opt in and don't recognize you.

How to avoid it: Target people who would genuinely benefit from your offer. Make your unsubscribe link obvious. If someone replies "not interested," remove them immediately.

3. No Warmup Period

Email warmup is the process of gradually increasing your sending volume while generating positive engagement signals (opens, replies, marking as "not spam"). Skipping warmup is like walking into a bank wearing a ski mask and asking for a loan — technically legal, but every signal screams "criminal."

What triggers it: Any sending volume above 20-30 emails/day without a warmup history.

How to avoid it: Warm up every new account for at least 14 days before sending a single cold email. 30 days is better. We'll cover the exact schedule below.

4. Poor List Hygiene

Sending to invalid email addresses generates hard bounces. Google tracks your bounce rate. A bounce rate above 5% triggers throttling. Above 10% can trigger suspension. Sending to spam traps (inactive addresses Google monitors to catch spammers) is even worse — it's essentially an instant flag.

What triggers it: Unverified lists, bought lists, old lists that haven't been cleaned in 6+ months.

How to avoid it: Verify every email address before sending. Remove hard bounces immediately. Never buy a list.

5. Missing or Misconfigured DNS Records

SPF, DKIM, and DMARC are the three DNS records that prove your email is actually from you and not a spoofed address. Without them, Gmail has no way to verify that your email is legitimate — so it assumes it isn't.

What triggers it: Sending from a custom domain with no SPF, DKIM, or DMARC records configured.

How to avoid it: Set up all three records before sending your first email. We'll cover the exact configuration below.

The Daily Send Limits You Should Never Cross

Google publishes official limits, but they're for normal (non-cold) email usage. For cold outreach, the practical safe limits are much lower:

Account Type	Google's Official Limit	Safe Cold Email Limit
Free Gmail (@gmail.com)	500 recipients/day	Do not use for cold email
Google Workspace Individual	2,000 recipients/day	100-150/day (warmed up)
Google Workspace Business	2,000 recipients/day	200-300/day (warmed up)
Google Workspace Enterprise	2,000+ recipients/day	300-500/day (warmed up)

Critical note: Never use a free @gmail.com address for cold outreach. Google's terms of service explicitly prohibit sending bulk or commercial email from free Gmail accounts. Use Google Workspace ($6/month minimum) or a different provider like Outlook or Zoho.

Step-by-Step: Setting Up Gmail for Cold Outreach

Step 1: Buy a Separate Sending Domain

Do not send cold email from your primary company domain. If your domain gets blacklisted (it happens, even to careful senders), you don't want your company email going down with it.

Buy a variation of your domain — if your primary is acmecorp.com, buy acmecorp.io, tryacme.com, or getacme.com. Point it to Google Workspace and create your sending account there.

Cost: ~$12/year for the domain + $6/month for Google Workspace.

Step 2: Create a Google Workspace Account on Your Sending Domain

Sign up for Google Workspace Business Starter ($6/month) using your new domain. Create one user account per sender you plan to use. Name them realistically — alex@tryacme.com looks legitimate. send1@tryacme.com does not.

Step 3: Configure SPF, DKIM, and DMARC

This is the step most people skip. It's also the step that separates inbox placement from spam folder placement. Here's exactly what to do:

SPF Record:

Go to your domain registrar's DNS settings and add a TXT record:

Name: @ (or leave blank for root domain)
Value: v=spf1 include:_spf.google.com ~all

This tells receiving servers: "Google's mail servers are authorized to send email from my domain. Anything else claiming to be from my domain is probably spoofed."

DKIM Record:

1. Go to Google Admin Console > Apps > Google Workspace > Gmail > Authenticate email
2. Click "Generate new record"
3. Select your domain and copy the generated DKIM value
4. Add a TXT record in your DNS:

Name: google._domainkey
Value: [the long string Google gave you]

DKIM adds a cryptographic signature to every email you send. Receiving servers check this signature against your DNS record to verify the email wasn't tampered with in transit and genuinely came from your domain.

DMARC Record:

Name: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com

DMARC tells receiving servers what to do with emails that fail SPF and DKIM checks. p=quarantine means "send them to spam." p=reject means "don't deliver them at all." Start with quarantine for cold email; switch to reject once you're confident your setup is correct.

Verify your setup: Use MXToolbox or Google Admin Console's "Check MX" tool to verify all three records are correctly configured. Do not skip verification — a typo in any of these records means your emails go to spam.

Step 4: Enable 2FA and Generate an App Password

You need an "app password" so your cold email tool can connect to Gmail's SMTP server. This is a 16-character password that grants access to a specific app without exposing your main account password.

1. Go to your Google Account > Security > 2-Step Verification (enable it first if it's off)
2. Go to Security > App passwords
3. Select "Mail" as the app and your device type
4. Click "Generate"
5. Copy the 16-character password (it looks like abcd efgh ijkl mnop)

This app password is what you'll paste into your cold email tool's SMTP settings — not your regular account password.

Step 5: Warm Up Your Account (Non-Negotiable)

Here's the exact warmup schedule for a Google Workspace account:

Week	Emails/Day	What's Happening
Week 1	5 → 15	Establish baseline sending pattern. All emails go to warmup pool addresses that auto-open and reply.
Week 2	15 → 40	Increase volume. Engagement signals (opens, replies) from warmup pool build your reputation.
Week 3	40 → 80	Google's algorithm now sees consistent, positive engagement history. Account is building trust.
Week 4	80 → 100+	Ready for real cold campaigns at low volume. Start at 20-30 cold emails/day and mix with warmup sends.

Do NOT skip warmup. Every cold email sender who thinks they're the exception ends up with a suspended account. The warmup period is not optional — it's the insurance policy that keeps your account alive.

The 5 Gmail Settings to Change Before Your First Campaign

1. Enable IMAP access: Gmail Settings > See all settings > Forwarding and POP/IMAP > Enable IMAP. This allows your cold email tool to track replies and detect bounces by reading your inbox.
2. Turn off "Conversation View" (optional but recommended): Gmail Settings > See all settings > General > Conversation View > Off. This prevents thread grouping from interfering with your cold email tool's reply detection.
3. Create a "Sent Mail" label filter (optional): Create a filter that labels all outgoing cold emails. This helps you track campaign sends separately from personal email.
4. Check your sending limits: Google Admin Console > Reports > Apps Reports > Gmail. Monitor your daily send counts for the first few weeks to ensure you're staying within safe limits.
5. Set up Google Postmaster Tools: Go to postmaster.google.com, add your domain, and verify it. Postmaster Tools shows your domain's actual reputation score, spam complaint rate, and delivery errors — data you can't get anywhere else. Check it weekly.

Signs Your Account Is Getting Flagged (And What to Do)

Warning Sign 1: Deliverability Drop

What you'll see: Emails that normally land in inboxes start going to spam or promotions tab. Open rates drop suddenly with no change to your copy or list.

What to do: Pause all campaigns immediately. Check Postmaster Tools for your spam rate and domain reputation. If your spam rate is above 0.1%, your copy needs work. If your reputation is "low" or "bad," you sent too much too fast — reduce volume by 50% and re-warm for 2 weeks.

Warning Sign 2: SMTP Rate Limiting

What you'll see: Your cold email tool reports "rate limit exceeded" or "too many connections" errors. Emails queue but don't send.

What to do: Google is throttling you. This is a warning, not a ban — take it seriously. Reduce your daily volume by 30-50%. Spread sends across more time (don't send all 100 emails in the first hour). Add more random delay between individual sends.

Warning Sign 3: Bounce Rate Spike

What you'll see: Bounce rate jumps from under 2% to 5% or higher. Postmaster Tools shows an increase in "Messages rejected" or "Temporarily failed."

What to do: Stop sending immediately. Your list has dirty addresses. Verify the remaining unsent addresses before resuming. Remove every address that hard bounced — add them to a suppression list so they never get emailed again.

Warning Sign 4: Account Verification Requests

What you'll see: Google asks you to verify your identity with a phone number or recovery email. This happens before a suspension.

What to do: Verify immediately. Then pause campaigns for 48 hours. Google is signaling that your account behavior looks suspicious — pushing through the verification and continuing to send at the same volume is likely to trigger a suspension.

What to Do If Your Account Gets Suspended

1. Don't panic. Most first-time suspensions are reversible.
2. Go to Google's account recovery page and submit an appeal. In the explanation field, be honest: explain that you were sending cold outreach emails from a Google Workspace account, you didn't realize your volume was too high, and you'll reduce it going forward. Don't lie — Google's reviewers have seen every excuse.
3. Wait 24-72 hours. Appeals are reviewed by humans. Responding to the appeal email with more information within the first 24 hours can help.
4. If restored, start over. Treat the account as brand new. Warm up for 14 days at minimum before sending a single cold email. Reduce your target volume by 50%.
5. If denied, move on. Create a new Google Workspace account on a new domain. Do not reuse the old domain — it's now flagged. Learn from what went wrong and start fresh with proper warmup.

The Automation Alternative

Everything above is doable manually, but it's tedious. You're tracking warmup schedules, monitoring Postmaster Tools, managing SPF/DKIM/DMARC, and juggling multiple sending accounts — all before you've written a single email.

A cold email platform handles most of this automatically:

• Automated warmup with a pool of real accounts (not bots)
• SPF/DKIM/DMARC setup guidance per provider
• Bounce monitoring and automatic suppression
• Daily send limits enforced per campaign
• Sender health dashboard showing deliverability in real-time

XSendFlow includes all of these features starting at $15/month for the Starter plan. The free plan (40 emails/day, 1 campaign) is enough to test the waters without committing. And unlike shared-pool tools, you send from your own SMTP accounts — so your reputation stays yours.

Key Takeaways

• Never send cold email from a free @gmail.com address — use Google Workspace
• Buy a separate sending domain; never send from your primary company domain
• Set up SPF, DKIM, and DMARC before your first email
• Warm up every new account for at least 14 days (30 is better)
• Stay under 100-300 cold emails/day per account even on a fully warmed workspace account
• Monitor Postmaster Tools weekly — it's the only source of ground truth on your reputation
• If your spam rate crosses 0.1% or bounce rate crosses 5%, pause everything and investigate
• A suspension is not the end — appeal honestly, slow down, and learn from it